proc/<pid> directory content continued:
/proc/<pid>/coredump_filter
Since kernel 2.6.23, this file can be used to control which memory segments are written to the core dump file in the event that a core dump is performed for the process with the corresponding process ID. The value in the file is a bit mask of memory mapping types.
- bit 0 Dump anonymous private mappings.
- bit 1 Dump anonymous shared mappings.
- bit 2 Dump file-backed private mappings.
- bit 3 Dump file-backed shared mappings.
- bit 4 (kernel 2.6.24) Dump ELF headers.
- bit 5 (kernel 2.6.28) Dump private huge pages.
- bit 6 (kernel 2.6.28) Dump shared huge pages.
- bit 7 (kernel 4.4) Dump private DAX pages.
- bit 8 (kernel 4.4) Dump shared DAX pages.
Use sshd process as an example, its coredump_filter value is
$ cat coredump_filter
00000033If you convert 00000033 into 8 bit binary, it's 00110011, which means that bits 0 (anonymous private mappings), 1 (anonymous shared mappings), 4 (ELF headers) and 5 (private huge pages) are active.
/proc/<pid>/cpuset
/proc/<pid>/cpuset displays the path of the process's cpuset directory relative to the root of the cpuset file system.
/proc/<pid>/cwd
This is a symbolic link to the current working directory of the process. To find out the current working directory of process xx:
$ cd /proc/xx/cwd
$ pwd
//proc/<pid>/environ
This file contains the environment for the process. The entries are separated by null bytes ('\0'), and there may be a null byte at the end. Thus, to print out the environment of process xx, you would do:
$ strings /proc/pid/environ
LANG=en_US.UTF-8
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin
NOTIFY_SOCKET=/run/systemd/notify
SSH_USE_STRONG_RNG=0/proc/<pid>/exe
It is a symbolic link containing the actual pathname of the executed command. You can even type /proc/[pid]/exe to run another copy of the same executable as is being run by process [pid]. Use sshd process as an example:
$ ll exe
lrwxrwxrwx 1 root root 0 Nov 17 06:05 exe -> /usr/sbin/sshd/proc/<pid>/fd
This is a directory, which contains one entry for each file which the process has open, named by its file descriptor, and which is a symbolic link to the actual file. Thus, 0 is standard input, 1 standard output, 2 standard error, etc. For example:
lrwx------ 1 root root 64 Nov 18 15:26 0 -> /dev/null
lrwx------ 1 root root 64 Nov 18 15:26 1 -> /dev/null
lrwx------ 1 root root 64 Nov 18 15:26 2 -> /dev/null
lrwx------ 1 root root 64 Nov 18 15:26 3 -> socket:[17751]
l-wx------ 1 root root 64 Nov 18 15:26 4 -> /var/lib/dhclient/dhclient--eth0.lease
lrwx------ 1 root root 64 Nov 18 15:26 5 -> socket:[18710]
lrwx------ 1 root root 64 Nov 18 15:26 6 -> socket:[18711]/proc/<pid>/fdinfo
Similar to fd directory, this folder contains one entry for each file which the process has open, named by its file descriptor. The contents of each file can be read to obtain information about the corresponding file descriptor, for example:
$ cat /proc/12015/fdinfo/4
pos: 1000 -> File offset
flags: 01002002 -> Octal format, file access mode and status flags/proc/<pid>/gid_map and uid_map
When a user namespace is created, it starts out without a mapping of user IDs (group IDs) to the parent user namespace. The /proc/<pid>/uid_map and /proc/<pid>/gid_map files (available since Linux 3.5) expose the mappings for user and group IDs inside the user namespace for the process pid. These files can be read to view the mappings in a user namespace and written to (once) to define the mappings.
$ cat gid_map
0 0 4294967295This mapping tells us that the range starting at user ID 0 in this namespace maps to a range starting at 0 in the (nonexistent) parent namespace, and the length of the range is the largest 32-bit unsigned integer.
/proc/<pid>/io
This file contains I/O statistics for the process, for example:
$ cat io
rchar: 253848578 -> Characters read
wchar: 2714152 -> Characters writter
syscr: 355989 -> read syscalls count
syscw: 13708 -> write syscalls count
read_bytes: 0 -> Bytes read
write_bytes: 0 -> Bytes written
cancelled_write_bytes: 0/proc/<pid>/limits
This file displays the soft limit, hard limit, and units of measurement for each of the process's resource limits. Since Linux 2.6.36, this file is readable by all users on the system.
Example:
Limit Soft Limit Hard Limit Units
Max cpu time unlimited unlimited seconds
Max file size unlimited unlimited bytes
Max data size unlimited unlimited bytes
Max stack size 8388608 unlimited bytes
Max core file size 0 unlimited bytes
Max resident set unlimited unlimited bytes
Max processes 31360 31360 processes
Max open files 1024 4096 files
Max locked memory 65536 65536 bytes
Max address space unlimited unlimited bytes
Max file locks unlimited unlimited locks
Max pending signals 31360 31360 signals
Max msgqueue size 819200 819200 bytes
Max nice priority 0 0
Max realtime priority 0 0
Max realtime timeout unlimited unlimited us/proc/<pid>/loginuid
As it name suggests, it stores the process onwer's uid. For example:
$ cat loginuid
1001- 4294967295 is just (unsigned long) -1. -1 means that
loginuidwas not set. This is normal behavior for processes that were not spawned by any login process
/proc/<pid>/map_files
This subdirectory contains entries corresponding to memory-mapped files. Entries are named by memory region start and end address pair (expressed as hexadecimal numbers), and are symbolic links to the mapped files themselves. For example:
3252e00000-3252e20000 -> /usr/lib64/ld-2.15.soThis directory appears only if the CONFIG_CHECKPOINT_RESTORE kernel configuration option is enabled.
/proc/<pid>/maps
A file containing the currently mapped memory regions and their access permissions. For example:
address perms offset dev inode pathname
559ad0904000-559ad09c7000 r-xp 00000000 103:01 821707 /usr/sbin/sshd
559ad0bc6000-559ad0bca000 r--p 000c2000 103:01 821707 /usr/sbin/sshd- r = read
- w = write
- x = execute
- s = shared
- p = private (copy on write)
offset means the offset into the file/whatever; dev is the device (major:minor); inode is the inode on that device. 0 indicates that no inode is associated with the memory region